On May 21, 2014, at 10:31 PM, Nakia Brewer <nakia.bre...@westrac.com.au> wrote:
> Afternoon all, > > As I venture down the road of learning what the wonders of LC Server scripts > can do I find myself wondering how safe are the content of these scripts. > Being completely new to Web and Server development it's probably a silly > question but for example: > > I have a LC Server script that is called from a mobile testing app that > records the devices location into a MySQL Database using $_GET params. > In the LC Server Script file resides all my connection details for my > database etc. > > So, what stops someone from accidentally stumbling across that URL and > getting the content of that file? > > Or am I completely not understanding? > > Sorry in advance :) As John said .lc files are parsed by the server and only the output is visible to the browser. But I'm like you, when storing things like MySQL login credentials I'm nervous about saving them in plain text, even in a .lc file. So I take the extra step of storing the credentials in an encrypted form in a file separate from the .lc script that calls it. Then I have the .lc script read in and decrypt the login credentials before logging in to the MySQL server. It may be overkill and one extra step, but most hackers go for the low-hanging fruit. I figure this makes it harder, so the bad guys will just move on to other targets. My $.02. Devin Devin Asay Learn to code with LiveCode University http://university.livecode.com _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode